Spring Security Core和自定义验证器可用于确认密码字段? [英] Spring Security Core and custom validator for a confirm password field is possible?

查看:90
本文介绍了Spring Security Core和自定义验证器可用于确认密码字段?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

如果我编写以下代码: 

  static constraints = {
密码空白:false,密码:true ,验证器:{val,obj  - > 
 if(obj.password!= obj.confirmarPassword)
 return'usuario.password.dontmatch'
} 
 confirmarPassword bindable:true 
} 
} 
 
 static transients = ['confirmarPassword']

密码 confirmarPassword 中引入相同的密码:


null id在usuario.Usuario条目中(在发生异常时不要刷新会话)

I找出问题的根源。这是下一个比较:

$ obj.password!= obj.confirmarPassword



如果我在验证器中写入以下代码: 

  printlnpassword:$ {obj.password Eclipse打印:
 printlnconfirmarPassword:$ {obj.confirmarPassword)}
  

 密码:testPassword 
 confirmarPassword:testPassword 
密码:fd5cb51bafd60f6fdbedde6e62c473da6f247db271633e15919bab78a02ee9eb 
 confirmarPassword:testPassword

作为第二次尝试,我尝试过:

<$ p $如果(obj.password!= obj.springSecurityService.encodePassword(obj.confirmarPassword))

验证未通过:


类[class usuario.Usuario]的值[testPassword ]不通过自定义验证


以及:

<$ p $ printlnpassword:$ {obj.password}
printlnconfirmarPassword:$ {obj.springSecurityService.encodePassword(obj.confirmarPassword)}

Eclipse打印: 

 密码:testPassword 
 confirmarPassword:fd5cb51bafd60f6fdbedde6e62c473da6f247db271633e15919bab78a02ee9eb 
密码:fd5cb51bafd60f6fdbedde6e62c473da6f247db271633e15919bab78a02ee9eb 
 confirmarPassword:fd5cb51bafd60f6fdbedde6e62c473da6f247db271633e15919bab78a02ee9eb

我尝试了第三次尝试: 

  if(obj.springSecurityService.encodePassword(obj.password)!= obj.springSecurityService.encodePassword (obj.confirmarPassword))

同样的错误:


null usuario.Usuario条目中的id(不会在发生异常后刷新会话)

密码看起来第二次加密两次:


fd5cb51bafd60f6fdbedde6e62c473da6f247db271633e15919bab78a02ee9eb
confirmarPassword:fd5cb51bafd60f6fdbedde6e62c473da6f247db271633e15919bab78a02ee9eb
密码:e8c3cb111bf39f848b9a20e186f1663fd5acb0ae018ddf5763ae65bd6f45151e
confirmarPassword:fd5cb51bafd60f6fdbedde6e62c473da6f247db271633e15919bab78a02ee9eb 

 密码>

我的想法已经过时。客户端呢? 使用JavaScript执行此验证是否安全?



这是我完整的域类代码:

 包usuario 
 
类Usuario实现Serializable {
 
瞬间springSecurityService 
 
字符串用户名
字符串密码
布尔启用
布尔accountExpired 
布尔accountLocked 
布尔passwordExpired 
 
字符串confirmarPassword 
字符串nombre 
字符串apellidos 
字符串电子邮件
字符串telefono 
字符串documentoIdentificacion 
布尔值aceptarPoliticaDeProteccionDeDatos = Boolean.FALSE 
 
静态瞬变= ['confirmarPassword','aceptarPoliticaDeProteccionDeDatos'] 
 
 static constraints = {
 username blank:false,unique:true 
 password blank:false,password:true 
 confirmarPassword bindable:true,blank:false,pas剑:真,验证者:{val,obj  - > 
 printlnpassword:$ {obj.password}
 printlnconfirmarPassword:$ {val}
 
 if((obj.password!= val))
返回'usuario.password.dontmatch'
} 
 
 nombre blank:false 
 apellidos blank:false 
电子邮件空白:false,电子邮件:true 
 telefono blank:false,matches:[0-9  -  +()] {3,15}
 documentoIdentificacion blank:false 
 aceptarPoliticaDeProteccionDeDatos bindable:true,validator:{val,obj  - > 
 if(!obj.id&& obj.aceptarPoliticaDeProteccionDeDatos!= true)//> !obj.id:si el usuario ya noestácreado。 Si yaestácreado es que loestámodificando y no es necesario que vuelva aceptar lapolítica。 
返回'usuario.politicaprotecciondatos.notaccepted'
} 
} 
 
静态映射= {
密码列:``password`'
 } 
 
 Set< Rol> getAuthorities(){
 
 UsuarioRol.findAllByUsuario(this).collect {it.rol} as Set 
 
} 
 
 def beforeInsert(){
 encodePassword()
} 
 
 def beforeUpdate(){
 if(isDirty('password')){
 encodePassword()
} 
 
 
 protected void encodePassword(){
 password = springSecurityService.encodePassword(password)
} 
} 
  
 
 
  class User {
字符串密码
 
静态映射= {
密码列:``password`'
} 
 
设置<角色> getAuthorities(){
 UserRole.findAllByUser(this).collect {it.role} as Set 
} 
 
 def beforeInsert(){
 encodePassword()
 
 $ b $ def beforeUpdate(){
 if(isDirty('password')){
 encodePassword()
} 
} 
 
 protected void encodePassword(){
 password = springSecurityService.encodePassword(password)
} 
} 
  
它可以帮助您将编码后的密码保存在数据库中。
 
 
 
您可以使命令对象获取可变密码并进行编码像这样的密码:
 
 $ pre $ @ $ $ $ $ $ $ $ $ @ $可变
类CommandObject实现Serializable {
 
字符串密码
字符串confirmPassword 
 $ b $静态约束= {
 
密码可空:false,空:false 
 confirmPassword可空:false,空:false,验证器:{val ,对象 - > ((val!= object.password)){
 return'passwordMismatch'
} 
 return true 
} 
} 
} 
}


If I write the following code:

static constraints = {      
    password blank: false, password: true , validator:{ val, obj -> 
        if (obj.password != obj.confirmarPassword)
            return 'usuario.password.dontmatch'
    }       
    confirmarPassword bindable: true
    }
}   

static transients = ['confirmarPassword']

The following error appears after introducing the same password in password and confirmarPassword:

null id in usuario.Usuario entry (don't flush the Session after an exception occurs)

I found out the root of the problem. It is the next comparison:

obj.password != obj.confirmarPassword

If I write the following code inside the validator:

println "password: ${obj.password}"
println "confirmarPassword: ${obj.confirmarPassword)}"

Eclipse prints:

password: testPassword
confirmarPassword: testPassword
password: fd5cb51bafd60f6fdbedde6e62c473da6f247db271633e15919bab78a02ee9eb
confirmarPassword: testPassword

As my second attempt I tried:

if (obj.password != obj.springSecurityService.encodePassword(obj.confirmarPassword))

The validation doesn't pass:

Property [password] of class [class usuario.Usuario] with value [testPassword] does not pass custom validation

And with:

println "password: ${obj.password}"
println "confirmarPassword: ${obj.springSecurityService.encodePassword(obj.confirmarPassword)}"

Eclipse prints:

password: testPassword
confirmarPassword: fd5cb51bafd60f6fdbedde6e62c473da6f247db271633e15919bab78a02ee9eb
password: fd5cb51bafd60f6fdbedde6e62c473da6f247db271633e15919bab78a02ee9eb
confirmarPassword: fd5cb51bafd60f6fdbedde6e62c473da6f247db271633e15919bab78a02ee9eb

For my third attempt I tried:

if (obj.springSecurityService.encodePassword(obj.password) != obj.springSecurityService.encodePassword(obj.confirmarPassword))

Again the same error:

null id in usuario.Usuario entry (don't flush the Session after an exception occurs)

The password looks encrypted twice the second time:

password: fd5cb51bafd60f6fdbedde6e62c473da6f247db271633e15919bab78a02ee9eb
confirmarPassword: fd5cb51bafd60f6fdbedde6e62c473da6f247db271633e15919bab78a02ee9eb
password: e8c3cb111bf39f848b9a20e186f1663fd5acb0ae018ddf5763ae65bd6f45151e
confirmarPassword: fd5cb51bafd60f6fdbedde6e62c473da6f247db271633e15919bab78a02ee9eb

I'm running out of ideas. What about the client side? Would it be secure to perform this validation with Javascript?

This is my full domain class code:

package usuario

class Usuario implements Serializable {

    transient springSecurityService

    String username
    String password
    boolean enabled
    boolean accountExpired
    boolean accountLocked
    boolean passwordExpired

    String confirmarPassword
    String nombre
    String apellidos
    String email
    String telefono
    String documentoIdentificacion
    boolean aceptarPoliticaDeProteccionDeDatos = Boolean.FALSE

    static transients = ['confirmarPassword', 'aceptarPoliticaDeProteccionDeDatos']

    static constraints = {
        username blank: false, unique: true
        password blank: false, password: true 
        confirmarPassword bindable: true, blank:false, password: true, validator:{ val, obj -> 
            println "password: ${obj.password}"
            println "confirmarPassword: ${val}"     

            if ((obj.password != val))
                return 'usuario.password.dontmatch' 
        }

        nombre blank: false
        apellidos blank: false
        email blank: false, email:true
        telefono blank: false, matches: "[0-9 -+()]{3,15}"
        documentoIdentificacion blank: false
        aceptarPoliticaDeProteccionDeDatos bindable: true, validator:{ val, obj ->
            if (!obj.id && obj.aceptarPoliticaDeProteccionDeDatos != true) //> !obj.id: si el usuario ya no está creado. Si ya está creado es que lo está modificando y no es necesario que vuelva a aceptar la política.
                return 'usuario.politicaprotecciondatos.notaccepted'
        }
    }

    static mapping = {
        password column: '`password`'
    }

    Set<Rol> getAuthorities() {

            UsuarioRol.findAllByUsuario(this).collect { it.rol } as Set

    }

    def beforeInsert() {
        encodePassword()
    }

    def beforeUpdate() {
        if (isDirty('password')) {
            encodePassword()
        }
    }

    protected void encodePassword() {
        password = springSecurityService.encodePassword(password)
    }
}

解决方案

If you are using spring security, you can try this: 

class User{
String password

static mapping = {
    password column: '`password`'
}

Set<Role> getAuthorities() {
    UserRole.findAllByUser(this).collect { it.role } as Set
}

def beforeInsert() {
    encodePassword()
}

def beforeUpdate() {
    if (isDirty('password')) {
        encodePassword()
    }
}

protected void encodePassword() {
    password = springSecurityService.encodePassword(password)
 }
}

It will hep you to save encoded password in database.

You can make a command object take a variable password and encode password like this:

@Validateable
class CommandObject implements Serializable {

String password
String confirmPassword

static constraints = {

    password nullable: false, blank: false
    confirmPassword nullable: false, blank: false, validator: { val, object ->
        if ((val != object.password)) {
            return 'passwordMismatch'
        }
        return true
    }        
 }
}

这篇关于Spring Security Core和自定义验证器可用于确认密码字段?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
前端开发最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆